CVSS: 5.1EPSS: 0%CPEs: 25EXPL: 0CVE-2013-1620 – nss: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1620
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal lateral ataques a una operación de comprobación de incumplimiento MAC durante el procesamiento de malformaciones relleno CBC, que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperación de texto plano-a través de análisis estadístico de datos de tiempo de los paquetes hechos a mano, una cuestión relacionada con CVE-2013-0169. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://openwall.com/lists/oss-security/2013/02/05/24 http://rhn.redhat.com/errata/RHSA-2013-1135.html http://rhn.redhat.com/errata/RHSA-2013-1144.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201406-19.xml http://www. • CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3763
https://notcve.org/view.php?id=CVE-2009-3763
Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Access Manager / OpenSSO de Oracle OpenSSO Enterprise v7.1, v7, v2005Q4, y v8.0, permite a atacantes remotos afectar la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0894
https://notcve.org/view.php?id=CVE-2010-0894
Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors. Vulnerabilidad no especificada en el componente Sun Java System Access Manager en Oracle Sun Product Suite v7.1, 7 2005Q4, y OpenSSO Enterprise v8.0 allows a atacantes afectar la confidencialidad e integridad a través de vectores desconocidos. • http://secunia.com/advisories/39431 http://sunsolve.sun.com/search/document.do?assetkey=1-66-267568-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020934.1-1 http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html http://www.securityfocus.com/bid/39457 http://www.us-cert.gov/cas/techalerts/TA10-103B.html https://exchange.xforce.ibmcloud.com/vulnerabilities/57750 •